Better, Stronger, Smarter Cybersecurity
Six reasons why having backups are crucial for your business
The increase in ransomware attacks and high-profile data breaches over the last few years has reinforced the importance of data security. It should be noted that WannaCry infected more than 300,000 computers worldwide, encrypting sensitive business data and disrupting productivity for an entire week. Recent research indicates that an average of 2,244 cyberattacks happen globally each day, and many of these attacks are targeting sensitive business data.
Large enterprises are clear treasure troves of data in the eyes of hackers, but small and medium-sized businesses (SMBs) are often targeted as well. Businesses are becoming more dependent on data in the 21st century, which means the demand for data security is increasing.
However, data security isn’t just about protecting data from malicious outsiders; remediation is a critical aspect of data security. While you can’t predict when data loss will happen, you can make sure your business has the right solutions to recover its critical data. IT managers are responsible for implementing the right data backup and disaster recovery procedures in their businesses.
Here are a few reasons why your business needs to perform data backups and implement a disaster recovery solution:
1. Preventive measures don’t always work
Businesses should take a proactive approach to cybersecurity by equipping themselves with network security solutions, strong firewall configurations, and patch management tools, but they also need solutions for mitigating data loss. SMBs are clearly not immune to having their data stolen or encrypted by ransomware, but according to research by Nationwide Insurancehttps://blog.nationwide.com/news/disaster-recovery-plan-study-results/, 68 percent of SMBs don’t have a disaster recovery plan. Every organization, big or small, needs to have a plan for mitigating the aftermath of natural disasters, server downtime, and other complex situations.
2. Cyberattacks are constantly evolving
According to a CNN report, the average small business hit with ransomware in 2017 lost over us$100,000 (£80,850) due to downtime. What’s more, these businesses struggled to recover their encrypted data, if they were able to recover it at all. Ransomware is just the tip of the iceberg in terms of cyberattacks; malware, DDoS attacks, data breaches, supply chain attacks, and zero-day exploits are a constant threat.
These cyberattacks usually target sensitive business information stored in the cloud or on-premises. The frequency of cyberattacks has increased. Businesses today are seeing a massive influx of data for every activity , and attackers are ready to capitalize on this steady stream.
In 2019 1 in 5 SMBs fell victim to a ransomware attack. Meanwhile, downtime costs are now 23 times greater than the average ransom request, showing why organizations should look carefully for solutions to help them get over these problems easier and faster.
3. Natural disasters can halt business in an instant
According to phoneixnap, 93% of companies without Disaster Recovery who suffer a major data disaster are out of business within one year. However 96% of companies with a trusted backup and disaster recovery plan were able to survive ransomware attacks.
4. Lost data can cost you finanacially and reputationally
The cost of losing data has been increasing over the last few years. The value of data has increased because we are relying on it more, and hackers are therefore demanding more money. Additionally, new regulation laws have been implemented, and if you don’t comply with those, you could be liable to pay massive fines.
According to recent research conducted by Symantec and Ponemon Institute, UK firms will be forced to pay an average of £1.9 million a year, or £71 per record, for every instance of data loss they experience and this has increased year-on-year for the third year running.
As well as taking a severe financial hit, the reputation of the company suffers as well. GDPR has brought more transparency which means consumers become more aware of data breach incidents. Additionally, GDPR gives consumers the right to be deleted from your database, which means they can easily switch to another brand they consider more secure. An example is the case of TalkTalk, where the company lost around 100,000 customers after a data breach.
GDPR requires data to be available to the subject at any time
5. Cloud computing demands additional backups
Moving your on-premises operations to the cloud can save your business money and reduce its management efforts, but the cloud isn’t without its risks. When businesses store their corporate data on the cloud, they’re placing the security of that data into the hands of the cloud provider.
6. Insider threats are often unseen
You never know whether one of your employees will pose a threat to your business’ data. A disgruntled employee could easily steal or erase business-critical data if you don’t have proper security controls in place.
Data backup tips for keeping business running smoothly
Having proactive data backup procedures in place can add additional security for your business and allow you to handle any unforeseen data loss situations, keeping your productivity and brand stable. Since data loss can happen at any time and in a multitude of ways, just making backups is a good place to start. However, keeping consistent backups is key. If a disaster strikes and your last backup is six months old, your business will have a hard time recovering.
Additionally, the 3-2-1 rule is often recommended for maintaining backups: keep three total copies of your data, in two different mediums, with one copy stored off-site. Maintaining physical backups even if you use cloud storage is advised in case your cloud provider experiences downtime or faces a breach.
When it comes to databases in particular, here are a few security best practices that could help your business fight against database takedowns and breaches:
- Define strong password policies.
- Remove stale user accounts.
- Change the default username for admins.
- Restrict user privileges.
- Encrypt sensitive business data.
- Keep applications and firmware up-to-date.
Special note should be placed on that last point. According to Gartner’s predictions, 99 percent of vulnerabilities exploited by 2020 will continue to be the ones that security and IT professionals have known about for at least one year. This extends beyond just databases and is something to keep in mind for all data storage operations.
Lastly, you need to audit employee login and logoff behavior, manage USB connections, and provide employees with only the minimal amount of privileges needed for them to complete their work. You don’t want to have an air-tight storage and recovery plan unraveled by a malicious insider or an irreversible mistake.
Data loss is an unfortunate fact of life for businesses. With these tips, however, you can go forth into 2020 confident in the integrity of your data.
